Research Overview



The Internet has evolved to become a commercial infrastructure for service delivery. However, the Internet is an enormous, highly dynamic, heterogeneous, and untrusted environment, which raises several challenges for building Internet-scale services with good scalability, efficiency, agility and security. The overarching goal of my research is to provide networking and system support for Internet services and applications to address these challenges.


In particular, I have been focused on monitoring the network for performance measurement, diagnosis, troubleshooting, and anomaly and intrusion detection. Central to these challenges are infrastructure ossification and the lack of understanding of the Internet artifact. For the first challenge, the ability to deploy innovative disruptive technologies in the core infrastructure (which is operated mainly by businesses) is extremely limited. Consequently, we propose to use overlay networks, which introduce new functionality within the network near the edges and assume as few changes to the routers as possible. For the second challenge, it has proved difficult to characterize, understand, and model the enormous volume and great variety of Internet traffic in terms of large-scale behaviors. However, without this deep understanding, it is very hard, if not impossible, to design new protocols, architectures, or services that will work better for the Internet.


My research methodology is a combination of theory, synthetic/real trace-driven simulation, and real-world implementation and deployment. We draw from diverse fields of applied mathematics, such as combinatorial algorithms, linear algebra and statistical learning, as needed to better understand the structure of the design space. To get access to real Internet measurements (often proprietary), we have been actively collaborating with researchers from various places, such as AT&T Labs, HP Labs, Yahoo!, Keynote, Microsoft Research, Fermi National Labs, National Laboratory for Applied Network Research (NLANR), and the Internet Storm Center of the SANS (SysAdmin, Audit, Network, Security) Institute.


I run the Northwestern Lab for Internet and Security Technology, where my students and I are working on the following projects: 1) Global Router-based Anomaly/Intrusion Detection (GRAID) Systems; 2) Overlay Network Monitoring and Diagnostics; and 3) A Peer-to-Peer System for Tunable, Dynamic, and Heterogeneous Information Retrieval (in collaboration with Yahoo! and UIUC). I was affiliated with the SAHARA and OceanStore projects at U. C. Berkeley.